Software Asset Management: A New Defense Against Cybersecurity Threats

To combat cybersecurity threats, companies are spending millions of dollars in malware protection, firewall solutions, and security consulting. Yet even with these expensive measures, most are unaware of their greatest vulnerabilities.

That’s because cyber criminals are opportunists who seek the path of least resistance. Rather than wasting efforts attacking hardened firewalls, they instead snoop out the often-overlooked back doors to a company’s network, such as unsupported or unapproved software, abandoned user IDs, poor password protection, or the unmanaged server under an IT analyst’s desk.

Of course, companies cannot protect what they cannot manage. To fight back, organizations must ask themselves if they have a complete picture of their infrastructure—what’s deployed, how it’s being used, who’s using it, and if it’s up to date. And that’s where software asset management can help.

Why Software Asset Management (SAM) Matters

Comprehensive asset management is essential to an effective IT infrastructure, service, and cybersecurity management program. SAM is a set of proven processes that delivers a comprehensive view of an organization’s hardware and software inventory, usage, and risks, ultimately enabling organizations to regulate costs and resources, manage business and legal risks, and align IT investments with business needs.

Effective SAM provides critical insights into the number of devices and applications deployed, along with their location and warranty status, which can significantly reduce unnecessary product costs. As a budgetary tool, SAM identifies discrepancies between software licenses owned and deployed and ensures companies are investing wisely and not paying for licenses they aren’t using.

From a security standpoint, SAM helps organizations identify and counter potential threats by ensuring that end-of-life products get decommissioned and that product updates and security patches are applied in a timely way.

In fact, SAM is helping organizations all over the world achieve more with their IT resources. With more than 7,000 employees, Baltika Breweries of Carlsberg Group was expanding and needed to find ways to optimize its IT infrastructure. SAM positioned the company to build an IT roadmap and implement a reliable and scalable solution that has reduced security risks and streamlined operations, yielding an annual cost savings of $100,000. According to Herman Epstein, VP of IT Eastern Europe for Baltika Breweries, Carlsberg Group, “SAM has proved to be an extremely effective optimization tool, and now we will carry out such projects on a regular basis to understand how to use existing software, how to supplement it with cloud technologies, and what to buy.”

Canadian electric company, Alectra, had a different business reason behind its SAM assessment. To prepare for the merger of four separate business units, Alectra’s leaders needed a more complete picture of existing IT resources to eliminate redundancies, pave the way for secure growth, and create sustainable value for shareholders, customers, and its community. The SAM assessment gave the company a complete inventory and surfaced opportunities for financial savings, diminished cybersecurity risks, and identified strategic, cloud-based solutions that have helped it streamline and move forward.

Taking SAM a Step Further with a Cybersecurity Assessment

At Microsoft, we have found that integrating cybersecurity assessments into SAM amplifies the value of this offering. SAM for cybersecurity assessments position organizations to be more proactive about mitigating cyber risks, so they can spend less time responding to security threats and more time achieving their business objectives.

A SAM for cybersecurity assessment provides a comprehensive IT infrastructure analysis that covers current software/hardware deployment and usage, operational processes, and software versions to quickly determine if the right processes are in place to minimize cyber risks. In addition, it provides prescriptive cybersecurity guidance and best practices as companies move ahead.

Benefits of a SAM for cybersecurity assessment include:

Identification of areas of potential risk, fraud, and system vulnerabilities

Cost savings in combatting cyberattacks and increasing efficiencies

More secure management of software assets and reliable cybersecurity practices

A roadmap for building a more resilient IT infrastructure that removes known vulnerabilities

More effective defense against attacks by leveraging the best industry practices and technologies available

SAM enables organizations to set up domains by location, division, or other categories. The ability to match machines and users to specific locations helps to pinpoint security risks and ensures that inventory subsets have not been missed. In practical terms, this means that if there is a service outage, the organization would already have the location details they need to more quickly assess and resolve the problem, minimizing the impact and risk of the outage.

Recognizing Irregularities

Capturing IP addresses helps customers and SAM partners identify irregularities or license data that doesn’t make sense. For example, if an organization sees an IP address from a country where there are no employees, it is likely that an unauthorized user is on their network. Having the ability to identify these potential outliers can bring peace of mind and support the security of a customer’s network and data.

Aligning Data Sources

If a customer has multiple operating locations, it is important to understand if license details such as machine name, IP address, and user names are being captured correctly. For example, a human resources database could be used to align the number of employees at a given location to the license data. If the inventory figures do not align with employee data, then a problem may exist with the data or the number of licenses.

How Mitr Phol Group Used SAM to Increase Its Security

Mitr Phol Group, a major sugar producer, recently consolidated its IT systems to centralize software deployments and management and improve governance across its multiple business units. To amplify the value of its established SAM processes, the company became the first in Thailand to conduct a SAM for cybersecurity assessment with Microsoft and a SAM partner.

In addition to optimizing software use, the engagement enabled Mitr Phol to simplify its computer refresh cycle, which happens every three to six months, with 500-1,000 machines replaced each cycle. The company can now see instantaneously what needs to be replaced and has reduced its licensing review time from two to three months to just one week.

SAM has also positioned Mitr Phol to implement more effective cybersecurity programs, and the company has corrected system vulnerabilities and mitigated security risks while protecting sensitive data. According to Santi Siritaweechai, VP of IT at Mitr Phol, “The results from the SAM for cybersecurity assessment clearly lay out the next steps and identify vulnerabilities to prevent future cybersecurity threats.”